Magic Lantern (spyware)

Original author(s): Federal Bureau of Investigation
Operating system: Microsoft Windows
Type: Keylogger

Magic Lantern is keystroke logging software created by the United States' Federal Bureau of Investigation (FBI). Magic Lantern was first reported in a column by Bob Sullivan of MSNBC on November 20, 2001 [1] and by Ted Bridis of the Associated Press. [2]

Methodology

Unlike previous keystroke logger programs used by the FBI, Magic Lantern can reportedly be installed remotely, via an e-mail attachment or by exploiting common operating system vulnerabilities. [3] [4] It has been described as a virus and a Trojan horse. It is not known how the program might store or communicate the recorded keystrokes.

Purpose

In response to a Freedom of Information Act request filed in 2000 by the Electronic Privacy Information Center, the FBI released a series of unclassified documents relating to Carnivore, which included the "Enhanced Carnivore Project Plan". Sullivan's confidential source said that redacted portions of that document mention "Cyber Knight", "a database that sorts and matches data gathered using various Carnivore-like methods from e-mail, chat rooms, instant messages, and Internet phone calls. It also matches files with captured encryption keys."

Example deployment method

The FBI intends to deploy Magic Lantern in the form of an e-mail attachment. When the attachment is opened, it installs a trojan horse on the suspect's computer. The trojan horse is activated when the suspect uses PGP encryption, often used to increase the security of sent e-mail messages. When activated, the trojan horse will log the PGP password, which allows the FBI to decrypt user communications. [5]

Spokesmen for the FBI soon confirmed the existence of a program called Magic Lantern. They denied that it had been deployed, and they declined to comment further. [6]

Antivirus vendor cooperation

The disclosure of the existence of Magic Lantern sparked a debate as to whether anti-virus companies could or should detect the FBI's keystroke logger.

Concerns include uncertainties about Magic Lantern's full potential and whether hackers could subvert it for purposes outside the jurisdiction of the law. [7] [8]

Bridis reported that Network Associates (maker of McAfee anti-virus products) had contacted the FBI following the press reports about Magic Lantern to ensure their anti-virus software would not detect the program. [9] Network Associates issued a denial, fueling speculation as to which anti-virus products might or might not detect government trojans. [10]

CNET News surveyed 13 security companies about their contacts with and level of cooperation with law enforcement authorities. None of them confirmed that their products cover up malware installed by the government. [11]

Graham Cluley, a technology consultant from Sophos, said "We have no way of knowing if it was written by the FBI, and even if we did, we wouldn't know whether it was being used by the FBI or if it had been commandeered by a third party". [12] Another reaction came from Marc Maiffret, chief technology officer and cofounder of eEye Digital Security, who stated: "Our customers are paying us for a service, to protect them from all forms of malicious code. It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools." [13]

When asked if Magic Lantern would need a court order to deploy, FBI spokesman Paul Bresson would not comment, stating: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process." [14] [15] Proponents of Magic Lantern argue the technology would allow law enforcement to efficiently and quickly decrypt messages protected by encryption schemes. Unlike its predecessor Carnivore, Magic Lantern can be implemented without physical access to a suspect's computer; physical access to a computer would require a court order. [16]

Following the media coverage of Magic Lantern, F-Secure (a Finnish anti-virus company) announced their policy on detecting government spying programs: "F-Secure Corporation would like to make known that we will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws. We will also be adding detection of any program we see that might be used for terrorist activity or to benefit organized crime. We would like to state this for the record, as we have received queries regarding whether we would have the guts to detect something obviously made by a known violent mafia or terrorist organization. Yes we would." [17]

References

  1. Sullivan, Bob (November 20, 2001). "FBI software cracks encryption wall". NBC News. Retrieved November 20, 2007.
  2. Bridis, Ted (November 22, 2001). "FBI Develops Eavesdropping Tools". The Washington Post.
  3. "FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats". Wired Magazine. July 18, 2007. Archived from the original on May 25, 2008.
  4. "Threat of Terrorism On U.S. Infrastructure". The New York Times . December 31, 2001.
  5. "FBI Has a Magic Lantern". Usgovinfo.about.com. Archived from the original on May 21, 2005. Retrieved February 23, 2009.
  6. Hentoff, Nat (May 24, 2002). "The FBI's Magic Lantern". Village Voice. Archived from the original on May 12, 2006.
  7. Lawton, George (July 2002). "Invasive Software: Who's Inside Your Computer?" (PDF). Pace University. Archived from the original (PDF) on July 20, 2011. Retrieved March 12, 2009.
  8. "The FBI's "Magic Lantern" Shines Bright". kaspersky.com. December 11, 2001. Retrieved February 23, 2009.
  9. "An Infographic: Magic Lantern, a Keystroke Logging Software Developed by the FBI". Web Hosting | Cloud Computing | Datacenter | Domain News. July 29, 2013. Retrieved November 21, 2020.
  10. McCullagh, Declan (November 27, 2001). "'Lantern' Backdoor Flap Rages". Wired.
  11. "Security firms on police spyware, in their own words". CNET News. July 17, 2007.
  12. Jackson, William (December 6, 2001). "Antivirus vendors are wary of FBI's Magic Lantern". Government Computer News. Archived from the original on September 10, 2012. Retrieved February 23, 2009.
  13. McCullagh, Declan (July 17, 2007). "Will security firms detect police spyware". CNET News. Retrieved February 23, 2009.
  14. Mills Abreu, Elinor (December 31, 2001). "FBI Confirms 'Magic Lantern' Project Exists" (PDF). Reuters. Archived from the original (PDF) on July 20, 2011. Retrieved March 12, 2009 via University of Michigan.
  15. Woo, Christopher; So, Miranda (2002). "THE CASE FOR MAGIC LANTERN: SEPTEMBER 11 HIGHLIGHTS THE NEED FOR INCREASED SURVEILLANCE" (PDF). Harvard Journal of Law & Technology. Retrieved March 12, 2009.
  16. Etzioni, Amitai (2002). "Implications of Select New Technologies for Individual Rights and Public Safety". Harvard Journal of Law & Technology via ResearchGate.
  17. "F-Secure Corporation's policy on detecting spying programs developed by various governments". F-Secure. Archived from the original on February 25, 2012. Retrieved June 25, 2011.
